Google has patched a vulnerability in its Chrome web browser that could reveal a user’s browsing history. The problem has existed since the early 2000s and was related to how browsers display visited links.
To display previously visited links differently (marked in purple), the browser must keep track of the pages a user has visited, and style sheets target those links with the CSS :visited selector. As Google explained, the essence of the bug was that information about which links the user had already visited was stored without any separation between sites. That is, any site could determine whether a certain link had been clicked before, even if the link had been displayed on a completely different site.
“You browse site A and click on a link to site B. Later, you visit a malicious site C, which also contains a link to site B. It can tell that you’ve already been to site B simply by identifying the link by its color,” Google explained.
The company called it a fundamental design flaw in the browser and emphasized that it could be used to track users’ online activity. The vulnerability affected not only Chrome, but also other browsers, including Safari, Opera, Internet Explorer, and Firefox, PCMag reports.
The problem was first brought to attention by security researcher Andrew Clover back in 2002. He visually demonstrated all the stages of a possible attack, based on a Princeton University research paper, “Timing Attacks on Web Privacy.”
The fix is already included in the beta version of the Chrome 136 update. Information about visited links will now be stored separately for each site and will not be shared between sites.
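The difference between the old shared store and per-site storage can be modelled in a few lines. This is an added example, not code from Chrome or from Google's write-up: the class names, the `(site, link)` key and the `.example` URLs are assumptions made for illustration, and the model is a simplification of what a real browser stores.

```javascript
// Simplified model of a browser's visited-link store (added illustration).
// All site names and URLs are constructed placeholders.

// Old behaviour: one global set of visited URLs, shared by every site.
class UnpartitionedHistory {
  constructor() { this.visited = new Set(); }
  recordClick(site, linkUrl) { this.visited.add(linkUrl); }
  // Would a link to linkUrl rendered on `site` match :visited?
  isStyledVisited(site, linkUrl) { return this.visited.has(linkUrl); }
}

// Fixed behaviour: an entry is keyed by the site where the click happened
// together with the link target, so it only matches on that same site.
class PartitionedHistory {
  constructor() { this.visited = new Set(); }
  static key(site, linkUrl) { return JSON.stringify([site, linkUrl]); }
  recordClick(site, linkUrl) {
    this.visited.add(PartitionedHistory.key(site, linkUrl));
  }
  isStyledVisited(site, linkUrl) {
    return this.visited.has(PartitionedHistory.key(site, linkUrl));
  }
}

// Replays the A -> B, then C scenario from Google's explanation and reports
// how a link to site B would be styled on site A and on site C.
function replayScenario(history) {
  const linkToB = "https://site-b.example/";
  history.recordClick("https://site-a.example", linkToB); // click made on A
  return {
    styledVisitedOnA: history.isStyledVisited("https://site-a.example", linkToB),
    styledVisitedOnC: history.isStyledVisited("https://site-c.example", linkToB),
  };
}

// True when a click made on one site changes link styling on another site.
function leaksAcrossSites(history) {
  return replayScenario(history).styledVisitedOnC;
}

console.log("unpartitioned:", replayScenario(new UnpartitionedHistory()));
console.log("partitioned:  ", replayScenario(new PartitionedHistory()));
```

In both models the link stays purple on site A, where the user actually clicked it; only the shared store also marks it visited on site C.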